
Re: one user access all databases



On Tuesday, 22 March 2011 12:12:53 Hendrik van der Ploeg wrote:
> ok thanks,
> 
> But how can I set the user in a separate database to have access to a
> different database?

> > Use a separate local database with a suitable backend (e.g. hdb or bdb).

Any "local" DN can appear in access control statements for any other database.

Here is one example (allowing "local" users in dc=ranger,dc=dnsalias,dc=com 
access to cn=config)

[bgmilne@tiger ~]$ ldapsearch -Q -LLL -b cn=config "(olcDatabase=config)" olcAccess
dn: olcDatabase={0}config,cn=config
olcAccess: {0}to * by group="cn=LDAP Admins,ou=System Groups,dc=ranger,dc=dnsa
 lias,dc=com" ssf=112 write
olcAccess: {1}to *  by * none

[bgmilne@tiger ~]$ ldapwhoami -Q
dn:uid=bgmilne,ou=people,dc=ranger,dc=dnsalias,dc=com
[bgmilne@tiger ~]$ ldapcompare -Q 'cn=LDAP Admins,ou=System Groups,dc=ranger,dc=dnsalias,dc=com' member:uid=bgmilne,ou=people,dc=ranger,dc=dnsalias,dc=com
TRUE

(BTW, please keep replies on-list, and while we're at it, try to avoid 
unnecessary top-posting)

Regards,
Buchan
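
Added example (not part of the original post): a small audit script that reads ldapsearch-style LDIF from cn=config and lists every olcAccess rule that names a DN or group living outside that database's own suffix, which is the kind of cross-database grant the message above shows. The first sample entry is copied from the post; the two hdb entries, the dc=example,dc=org suffix and all function names are constructed for illustration.

```python
import re

# First entry is the cn=config ACL from the post; the hdb entries are constructed.
SAMPLE_LDIF = """\
dn: olcDatabase={0}config,cn=config
olcAccess: {0}to * by group="cn=LDAP Admins,ou=System Groups,dc=ranger,dc=dnsa
 lias,dc=com" ssf=112 write
olcAccess: {1}to *  by * none

dn: olcDatabase={1}hdb,cn=config
olcSuffix: dc=ranger,dc=dnsalias,dc=com
olcAccess: {0}to * by group="cn=LDAP Admins,ou=System Groups,dc=ranger,dc=dnsa
 lias,dc=com" write by users read

dn: olcDatabase={2}hdb,cn=config
olcSuffix: dc=example,dc=org
olcAccess: {0}to * by dn.exact="uid=bgmilne,ou=people,dc=ranger,dc=dnsalias,dc
 =com" read by * none
"""

# <who> clauses that carry a quoted DN: dn[.style]="..." and group[/oc/attr][.style]="..."
WHO_DN = re.compile(r'\bby\s+(?:dn|group)[\w./]*="([^"]+)"', re.I)

def parse_entries(ldif):
    """Return [(dn, {attr: [values]})] from plain (non-base64) LDIF."""
    entries = []
    unfolded = re.sub(r"\n ", "", ldif)  # LDIF folds long lines as newline + one space
    for block in unfolded.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            name, _, value = line.partition(": ")
            attrs.setdefault(name.lower(), []).append(value)
        entries.append((attrs["dn"][0], attrs))
    return entries

def in_suffix(dn, suffix):
    norm = lambda s: re.sub(r"\s*,\s*", ",", s.strip().lower())
    dn, suffix = norm(dn), norm(suffix)
    return dn == suffix or dn.endswith("," + suffix)

def cross_database_grants(ldif):
    """List (database entry, subject DN) where an ACL names a DN outside the database's suffix."""
    found = []
    for dn, attrs in parse_entries(ldif):
        # Assumption: an entry without olcSuffix is the config database (suffix cn=config).
        suffixes = attrs.get("olcsuffix") or ["cn=config"]
        for rule in attrs.get("olcaccess", []):
            for who in WHO_DN.findall(rule):
                if not any(in_suffix(who, s) for s in suffixes):
                    found.append((dn, who))
    return found
```

Only quoted dn= and group= subjects are checked; regex, set and attribute-based subjects would need their own handling.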